Google Cloud Integration
Step 1 - Enable Required Google Cloud API
Log in to the Google Cloud console with organization administrator credentials.
Start Cloud Shell by clicking the CLI icon on the right side of the bar.
In the shell interface, enter the following script to enable the required API access in all of the projects that Rezonate should protect. As written, the loop covers every project that gcloud projects list returns for your account.

    # Enable the APIs Rezonate needs in each listed project.
    for project in $(gcloud projects list --format="value(projectId)"); do
      echo "ProjectId: $project"
      gcloud services enable cloudresourcemanager.googleapis.com --project="$project"
      gcloud services enable recommender.googleapis.com --project="$project"
      gcloud services enable cloudasset.googleapis.com --project="$project"
      gcloud services enable policyanalyzer.googleapis.com --project="$project"
    done

Select a single project from which you will set the access to the Google Workspace APIs.
Open a new tab in the Cloud Shell interface.
Run the command to retrieve the ID of the current project:
Save the ID of this project and send it to Rezonate.
Run the following commands:

    gcloud services enable admin.googleapis.com --project="$DEVSHELL_PROJECT_ID"
    gcloud services enable alertcenter.googleapis.com --project="$DEVSHELL_PROJECT_ID"

Appendix: List of APIs and their usage
API Endpoint | Why Rezonate Requests This Endpoint |
---|---|
cloudresourcemanager.googleapis.com | This API allows reading of the organizational structure and objects in it. |
recommender.googleapis.com | This API allows the reading of Google insights regarding your organization. |
cloudasset.googleapis.com | This API allows the reading of resources within your projects. |
policyanalyzer.googleapis.com | This API allows the reading of policies throughout the whole organizational structure. |
admin.googleapis.com | This API allows the reading of directory data within Google Workspace. |
alertcenter.googleapis.com | This API allows the reading of alert data within Google Workspace. |
Step 2 - Grant Rezonate Access to Your Google Cloud Organization
Head over to the IAM page. Use the organization/project drop-down list to choose your Organization.
Click Grant Access.
In the New Principals box, enter the email address provided by Rezonate, rezonate@rezonapp.iam.gserviceaccount.com, to establish trust between the organizations.
In the Role boxes, grant the new service account the following read-only roles, at the organization level:
Browser
Security Reviewer
Viewer
Click Save.
Execute the following commands to retrieve the list of all project IDs and your organization ID, then filter the project list down to the ones you want Rezonate to access:

    gcloud projects list --format="value(projectId)"
    gcloud organizations list --format="value(ID)"

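
To confirm the grant made in Step 2, the following added example (not part of Rezonate's documentation) checks that the Rezonate service account holds exactly the three read-only roles on the organization. It assumes the role IDs roles/browser, roles/iam.securityReviewer and roles/viewer for Browser, Security Reviewer and Viewer; the function names and the sample input are illustrative.

```shell
#!/bin/sh
# Added example, not Rezonate's code: audit the organization-level roles bound
# directly to the Rezonate service account (the address comes from Step 2).
REZONATE_SA="rezonate@rezonapp.iam.gserviceaccount.com"

# Assumed role IDs for Browser, Security Reviewer and Viewer.
EXPECTED_ROLES="roles/browser
roles/iam.securityReviewer
roles/viewer"

# Print each role bound to the service account in the organization policy,
# one per line. Roles inherited through groups or granted on folders or
# projects are not listed here.
fetch_roles() {
  gcloud organizations get-iam-policy "$1" \
    --flatten="bindings[].members" \
    --filter="bindings.members:${REZONATE_SA}" \
    --format="value(bindings.role)"
}

# Read role IDs on stdin and compare them with EXPECTED_ROLES.
# Prints UNEXPECTED/MISSING lines; returns 0 only on an exact match.
audit_roles() {
  granted=$(sort -u)
  rc=0
  for role in $granted; do
    printf '%s\n' "$EXPECTED_ROLES" | grep -qxF -- "$role" ||
      { echo "UNEXPECTED $role"; rc=1; }
  done
  for role in $EXPECTED_ROLES; do
    printf '%s\n' "$granted" | grep -qxF -- "$role" ||
      { echo "MISSING $role"; rc=1; }
  done
  return "$rc"
}

if [ -n "${1:-}" ]; then
  # Usage: sh audit_rezonate_roles.sh ORGANIZATION_ID
  fetch_roles "$1" | audit_roles && echo "OK: exactly the three read-only roles"
else
  # Constructed sample input: one role too many, one role missing.
  printf '%s\n' roles/browser roles/viewer roles/owner | audit_roles || true
fi
```

Run it in Cloud Shell with the organization ID returned by the command above; any UNEXPECTED line means the service account holds more than the documented read-only roles.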